Recently, we took a closer look at Devolutions Gateway, which integrates with Devolutions Server and provides authorized just-in-time access to resources in segmented networks. Today, we are going to dive deeper and explain the Devolutions Gateway adaptive connection modes.
Regular Connection Flow
The regular connection flow uses the Devolutions Gateway to reach a destination server that is normally not directly accessible from the client:
- Remote Desktop Manager requests a short-lived authorization token from Devolutions Server.
- Remote Desktop Manager connects to Devolutions Gateway using the authorization token.
- Devolutions Gateway validates the authorization token, then connects to the destination server.
Once the connection is established, the Remote Desktop Manager client [A] is connected to the destination server [C] through Devolutions Gateway [B], like this:
A <-> B <-> C
If direct connectivity between A and C is possible, it is not attempted. And if the destination server [C] is not reachable by Devolutions Gateway [B], the connection fails.
Attempt Direct Connection
While it is recommended to enforce connections through Devolutions Gateway at all times, some customers would rather bypass it when a direct connection is possible, like this:
A <-> C
A common scenario is to make a direct connection when physically present in the office, and use the Devolutions Gateway to work from home without using a VPN. Here are the steps:
In the connection entry properties, under VPN/SSH/Gateway, select Connect if unable to ping/port scan as the Devolutions Gateway connection mode:
Local connection bypass
With this mode, Remote Desktop Manager will connect to Devolutions Gateway if direct connectivity testing (ping, port scan) fails. You can also change the kind of test that is used to determine if the destination server is reachable or online:
Local connection check
Note: since ping requests are often blocked by the firewall, the port scan may prove to be a more reliable method.
It may be tempting to bypass Devolutions Gateway when on the local network, as a way to improve connection performance. This habit is often due to the equivalent Bypass RD Gateway for local addresses option in the Microsoft Remote Desktop Gateway:
RD Gateway - Bypass for local addresses
The Devolutions Gateway is significantly faster than the RD Gateway, because it doesn't have the same protocol overhead. The chances are that most users won't notice the difference. However, testing for direct connectivity costs a few seconds every time, which is definitely noticeable.
Attempt Alternate Hosts
Remote Desktop Manager supports connecting to alternate hosts when the primary host is not reachable, which is a common scenario in high availability deployments with redundant servers. When this feature is used, Devolutions Gateway will attempt connecting, in order, to the list of alternate hosts [D] when the connection to the primary host failed [C], like this:
A <-> B <-> D
In the connection entry properties, under Description, select Manual as the alternate host type, and then enter a list of hosts right below:
Alternate Hosts - Manual
Customers who would rather be prompted to select one host from the list can use the Prompt alternate host type:
Alternate Hosts - Prompt
Note: the Allow custom host option is not supported with the Devolutions Gateway since Devolutions Server needs to know the complete list of destination servers before the connection is initiated.
Questions or Comments?
We hope that you find this information useful. If you have any questions or comment about adaptive connection modes in Devolutions Gateway, or any other aspect/feature of this product, please let us know. You can comment below, or connect with us through our Forum.